Latest news with #databreaches


Daily Mail
10 hours ago
- Business
- Daily Mail
Chatbots could be helping hackers to steal data from people and companies
Generative artificial intelligence is the revolutionary new technology that is transforming the world of work. It can summarize and store reams of data and documents in seconds, saving workers valuable time and effort, and companies lots of money, but as the old saying goes, you don't get something for nothing. As the uncontrolled and unapproved use of unvetted AI tools such as ChatGPT and Copilot soars, so too does the risk that company secrets or sensitive personal information such as salaries or health records are being unwittingly leaked. This hidden and largely unreported risk of serious data breaches stems from the default ability of AI models to record and archive chat history, which is used to help train the AI to better respond to questions in the future. As these conversations become part of the AI's knowledge base, retrieval or deletion of data becomes almost impossible. 'It's like putting flour into bread,' said Ronan Murphy, a tech entrepreneur and AI adviser to the Irish government. 'Once you've done it, it's very hard to take it out.' This 'machine learning' means that highly sensitive information absorbed by AI could resurface later if prompted by someone with malicious intent. Experts warn that this silent and emerging threat from so-called 'shadow AI' is as dangerous as the one already posed by scammers, where hackers trick company insiders into giving away computer passwords and other codes. But cyber criminals are also using confidential data voraciously devoured by chatbots like ChatGPT to hack into vulnerable IT systems. 'If you know how to prompt it, the AI will spill the beans,' Murphy said. The scale of the problem is alarming. A recent survey found that nearly one in seven of all data security incidents is linked to generative AI.
Another found that almost a quarter of 8,000 firms surveyed worldwide gave their staff unrestricted access to publicly available AI tools. That puts confidential data such as meeting notes, disciplinary reports or financial records 'at serious risk' that 'could lead employees to inadvertently propagate threats', a report from technology giant Cisco said. 'It's like the invention of the internet – it's just arrived and it's the future – but we don't understand what we are giving to these systems and what's happening behind the scenes at the back end,' said Cisco cyber threat expert Martin Lee. One of the most high-profile cybersecurity 'own-goals' in recent years was scored by South Korean group Samsung. The consumer electronics giant banned employees from using popular chatbots like ChatGPT after discovering in 2023 that one of its engineers had accidentally pasted secret code and meeting notes onto an AI platform. Banks have also cracked down on the use of ChatGPT by staff amid concerns about the regulatory risks they face from sharing sensitive financial information. But as organisations put guardrails in place to keep their data secure, they also don't want to miss out on what may be a once-in-a-generation chance to steal a march on their rivals. 'We're seeing companies race ahead with AI implementation as a means of improving productivity and staying one step ahead of competitors,' said Ruben Miessen, co-founder of compliance software group Legalfly, whose clients include banks, insurers and asset managers. 'However, a real risk is that the lack of oversight and any internal framework is leaving client data and sensitive personal information potentially exposed,' he added. The answer though, isn't to limit AI usage. 'It's about enabling it responsibly,' Miessen said. Murphy added: 'You either say no to everything or figure out a plan to do it safely. 'Protecting sensitive data is not sexy, it's boring and time-consuming.' 
But unless adequate controls are put in place, 'you make a hacker's job extremely easy'.

National Post
13 hours ago
- Business
- National Post
KnowBe4 Delivers AI-Driven Email Security to Small and Medium Businesses to Tackle Outbound Email Risk
Using advanced machine learning, neural networks and behavioral analytics, KnowBe4 Prevent mitigates outbound email data breaches. TAMPA BAY, Fla. — KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management, today announced the release of KnowBe4 Prevent across all market segments – an AI-driven email security product designed to enable organizations to manage the problem of outbound email risk. Following the release of Prevent Enterprise, Prevent is now available to suit the needs of small to medium-sized businesses. In 2025, human error remains the leading cause of data breaches (according to Verizon, 60% of incidents involve the 'human element'). The overwhelming volume of digital communications creates more opportunities for employees to expose sensitive information to the wrong recipients, attach incorrect files, or inadvertently include confidential data. These breaches incur severe penalties, financial losses, and reputational damage, underscoring the critical need for prevention. However, traditional Data Loss Prevention (DLP) offerings rely solely on inflexible static rules and lack real visibility into what is being sent, to whom, and when. To address this challenge, KnowBe4 introduces Prevent, an AI-native outbound email security product that alerts your employees in real time when they are about to send emails and attachments to the wrong person. Prevent proactively detects and stops the full spectrum of outbound email security threats, including: Combined with detailed reporting and analytics, security teams are able to get a complete view of outbound security risk across the organization, behavioral analytics of users' interactions with Prevent's prompts and quantification of the prevented incidents to demonstrate efficacy and return on investment (ROI).
'Outbound email risk continues to be one of the most persistent and costly challenges an organization can face – one that requires smarter, more adaptive approaches to effectively address them,' said Greg Kras, chief product officer at KnowBe4. 'KnowBe4 has a proven track record of effectively addressing Human Risk Management, so we are proud to expand that coverage to include outbound email risk. Prevent is the most intelligent and proactive outbound email security product among today's email data loss prevention methods. Unlike traditional products, it uses advanced machine learning and contextual understanding of user behavior to identify risky actions in real time and prevent a data breach before it occurs. This allows organizations to stop incidents at the source, empower employees to make safer decisions, and enable security teams to manage and reduce risk at scale.' For more information on how KnowBe4 Prevent can help organizations mitigate outbound data loss over email, visit See how it helped KnowBe4 customer Publix Employee Federal Credit Union here. About KnowBe4: KnowBe4 empowers workforces to make smarter security decisions every day. Trusted by over 70,000 organizations worldwide, KnowBe4 helps to strengthen security culture and manage human risk. KnowBe4 offers a comprehensive AI-driven 'best-of-suite' platform for Human Risk Management, creating an adaptive defense layer that fortifies user behavior against the latest cybersecurity threats. The HRM+ platform includes modules for awareness & compliance training, cloud email security, real-time coaching, crowdsourced anti-phishing, AI Defense Agents, and more. As the only global security platform of its kind, KnowBe4 utilizes personalized and relevant cybersecurity protection content, tools and techniques to mobilize workforces to transform from the largest attack surface to an organization's biggest asset.


News24
3 days ago
- Business
- News24
SA tech legal battles are exploding — our courts aren't built for this
Disputes over software failures, data breaches, and intellectual property rights are clogging courtrooms and arbitration panels. This litigation boom exposes a critical gap in South Africa's legal framework, argues Roger Wakefield of Werksmans Attorneys. South Africa's digital transformation is rewriting the rules of its economy, propelling the nation into a tech-driven future. With the IT market forecast to hit $24.5 billion by 2026, growing at a brisk 7.2% annually (Statista, 2024), industries from fintech to healthcare are reaping the rewards of innovation. Yet, this technological surge is spawning a less celebrated byproduct: a dramatic rise in IT-related litigation. As businesses lean on complex IT systems, disputes over software failures, data breaches, and intellectual property (IP) rights are clogging courtrooms and arbitration panels. This litigation boom exposes a critical gap in South Africa's legal framework, demanding a bold rethink of how the nation handles technology disputes. The stakes are colossal. In 2023, a major South African retailer sued a global software provider for R500 million after a botched enterprise resource planning (ERP) system crippled its operations. Such cases, rooted in poorly drafted contracts or unmet service-level agreements (SLAs), are becoming alarmingly common. Meanwhile, data breach lawsuits are skyrocketing, fueled by the Protection of Personal Information Act (POPIA) of 2014. The Information Regulator reported over 1 200 breach notifications in 2024 alone, with a high-profile bank facing a R1 billion class-action suit after a 2023 hack exposed 1.5 million customers' data. IP disputes are also surging, as seen in a 2022 case where a fintech startup battled a R100 million claim over alleged code theft. These cases aren't just legal skirmishes—they're existential threats to businesses navigating a digital economy. Why is IT litigation exploding?
The answer lies in the complexity of modern technology and the inadequacy of current legal tools to address it. Unlike traditional commercial disputes, IT cases hinge on intricate technical evidence—think source code, system logs, or network configurations. Lawyers must translate this 'geek-speak' into arguments that resonate with judges, many of whom lack specialised tech training. South Africa's judicial system, while robust, isn't built for this. With no dedicated IT or IP courts, cases often languish in backlogs, some dragging on for over three years. The absence of tailored rules for emerging tech like artificial intelligence (AI) or blockchain only widens the gap. Contrast this with the construction industry, which has long benefitted from standardised contracts and dispute resolution mechanisms fine-tuned for its complexities. IT, despite sharing similar traits—long project timelines, technical intricacy, and high financial stakes—lacks such a framework. Software development contracts, for instance, are often vague, leaving room for disputes over scope, deliverables, or timelines. A 2023 arbitration case handled by Werksmans Attorneys underscored this: a medical scheme administrator faced a multi-million-rand claim for allegedly mimicking software functionality. The arbitrator ruled that functionality, unlike source code, isn't legally protectable—a nuance that highlights the need for clearer contractual terms. This isn't just a legal problem; it's a business one. IT disputes can derail projects, sink startups, or erode consumer trust. The 2024 dispute between a South African broadcaster and a U.S. tech firm over software licensing royalties showed how quickly disagreements can escalate, with millions in revenue hanging in the balance. Companies can't afford to treat IT contracts as afterthoughts. A well-crafted agreement isn't just paperwork—it's a shield against costly litigation and a blueprint for collaboration. 
Yet, too many firms skimp on legal rigor, only to pay dearly later. So, what's the fix? First, South Africa needs a specialised framework for IT disputes, akin to the construction industry's model. Standardised contracts, designed with input from tech and legal experts, could clarify expectations around IP ownership, licensing, and deliverables. Dispute resolution mechanisms, like fast-track arbitration tailored for tech cases, would prevent disputes from ballooning into existential threats. The popularity of alternative dispute resolution (ADR) is already growing—92% of global firms surveyed in 2024 favored international arbitration for tech disputes. South Africa should lean into this, incentivising mediation and arbitration to unclog courts. Secondly, the judiciary must evolve. Digitisation efforts like Court Online are a start, but they're not enough. Establishing specialised IT courts or training judges in tech fundamentals could bridge the knowledge gap. Other nations, like the UK with its Technology and Construction Court, offer a blueprint. Without such reforms, South Africa risks falling behind as a destination for tech investment. Finally, businesses must get proactive. Investing in robust contracts and compliance with laws like POPIA isn't optional—it's survival. Boards should demand tech-literate legal counsel, capable of spotting risks in software deals or cybersecurity protocols before they morph into lawsuits. The cost of prevention pales compared to the price of litigation, as the R1 billion bank case painfully illustrates. South Africa stands at a crossroads. Its IT sector is a powerhouse, driving growth and global relevance. But the litigation surge is a warning: without a legal system equipped for the digital age, this promise could falter. The nation needs more than patchwork fixes—it needs a paradigm shift. 
By embracing standardised contracts, specialised dispute resolution, and a tech-savvy judiciary, South Africa can turn its IT litigation challenge into a competitive edge. The alternative—sticking with an outdated legal playbook—risks stifling innovation and scaring off investors. As technology reshapes the nation, its legal system must keep pace, or the digital dream could become a litigious nightmare. Roger Wakefield is a director for litigation and dispute resolution at Werksmans Attorneys. News24 encourages freedom of speech and the expression of diverse views. The views of columnists published on News24 are therefore their own and do not necessarily represent the views of News24.


Zawya
14-05-2025
- Zawya
10% of Nigerians affected by data breaches since 2004 — Report
At least 10 out of every 100 Nigerians have fallen victim to data breaches since 2004, according to a new report by Surfshark, raising serious concerns about the country's long-standing vulnerability to cybercrimes. The research is based on data gathered from 29,000 publicly available databases. Each unique breached email address is treated as a separate user account, and breaches often include additional personal data such as passwords, phone numbers, IP addresses, and postal codes. Surfshark's report before analysis, and countries with populations under 1 million were excluded from the study. Findings of the report revealed that a staggering 23.2 million Nigerian user accounts have been compromised in the past two decades, an alarming figure in a country with an estimated population of over 230 million. This includes 7.3 million unique email addresses and 13.1 million passwords. 'Cyberattacks remain persistent and growing threats globally, and Nigeria is no exception,' Surfshark stated in its analysis. Despite a significant 85 percent drop in new data breaches in the first quarter of 2023 (falling from the previous quarter's numbers), Nigeria still recorded over 110,000 breached accounts during the period. This places the country 34th worldwide in total breach volume. 'Even with the recent decline, the scale and depth of data breaches remain troubling,' it added. According to the report, 56 percent of Nigerians affected by breaches are at the highest risk of identity theft, accounting for the historic access to their online accounts. In 2023 alone, an estimated one Nigerian account was breached every five minutes, Surfshark noted. The global picture also shows a dramatic shift: the number of breached accounts dropped 93 percent year-on-year—from nearly 94 million in Q1 2022 to just 6.3 million in Q1 2023. Countries with the highest number of breached users include the United States (166 million), Russia (144.5 million), and India (42.4 million).
However, when adjusted for population, South Korea, Israel, and Slovenia reported the highest breach density, with South Sudan counting a mere 0.01 breached accounts per 1,000 residents. Copyright © 2022 Nigerian Tribune. Provided by SyndiGate Media Inc.


The Independent
07-05-2025
- The Independent
Over 19 billion passwords have been leaked in security 'crisis' – here's how to check if yours is vulnerable
Over 19 billion passwords were leaked in the last year alone amid what experts are calling a cybersecurity 'crisis.' But there are ways to protect yourself. A new study by Cybernews examined more than 200 data breaches between April 2024 and 2025, and found that of the 19,030,305,929 newly exposed passwords, 94 percent of them were reused or duplicated – in some cases by different users entirely. 'We're facing a widespread epidemic of weak password reuse,' noted Neringa Macijauskaite, information security researcher at Cybernews. 'Only 6 percent of passwords are unique, leaving other users highly vulnerable to dictionary attacks. For most, security hangs by the thread of two-factor authentication – if it's even enabled.' Experts called for an acceleration of tighter security methods, highlighting that cybercriminals only require an exposed password to then access email addresses and other personal data. The leaks examined by researchers were 'loaded with information that could be used to steal accounts or impersonate affected people in identity theft attacks,' the study noted. The study found that millions still favor basic passwords that are easy to remember – and easy for hackers to guess. 'Password' is used by 56 million people, and 53 million use 'admin.' Researchers also found that '1234' is in almost 4 percent of all passwords, which is easy for hackers to guess. People's names were the second most popular choice for a password. 'Many users choose a name as part of their password. We cross-referenced the dataset with the 100 most popular names of 2025 and found that there's a whopping 8 percent chance for them to be included as part of a password,' Macijauskaite said. Others opted for positive words such as 'love,' which was in 87 million passwords analyzed, and 'sun,' used in 34 million. Swear words are also common in passwords, the research revealed. 
'Passwords built from profane or offensive words might seem rare, but they're actually very common in practice,' Macijauskaite said. 'Passwords containing profanity often originate from attempts at personalization or memorability. However, such terms are prevalent in attacker wordlists and pose a substantial risk to account security.'
- Use password managers to create and store unique passwords for different accounts.
- Never reuse passwords.
- Make sure your password is at least 12 characters long and includes uppercase and lowercase letters, numbers, and at least one special symbol.
- Enable multi-factor authentication when possible, which reduces the risk even if passwords are leaked or hacked.
- Review access controls regularly, and perform regular security audits.
- Monitor and react to credential leaks.